Add HTTPS support with OpenSSL (CL+SSL) #115

Merged
merged 9 commits into from
Aug 11, 2024

fukamachi
Owner

@fukamachi fukamachi commented Aug 10, 2024

Usage

Use SSL key arguments of woo:run or clack:clackup.

(woo:run app
         :ssl-cert-file #P"path/to/cert.pem"
         :ssl-key-file #P"path/to/key.pem"
         :ssl-key-pass "password")

(clack:clackup app
               :ssl-cert-file #P"path/to/cert.pem"
               :ssl-key-file #P"path/to/key.pem"
               :ssl-key-pass "password")

To disable HTTPS support and omit the dependency on CL+SSL, add woo-no-ssl to cl:*features*.

TODO

  • Basic implementation
  • HTTPS for static files
    • [FUTURE TASK] Add a flag to use SSL_sendfile (Using Kernel TLS) for better performance
  • Refactoring
    • Wrap symbol references to internal symbols of cl+ssl
    • Better to reduce conditional flows (socket-ssl-stream)
  • Add a feature to disable HTTPS to omit the dependency on cl+ssl
  • Run tests for HTTPS
  • Proper error code handling on SSL I/O (ssl-read/ssl-write)
  • Benchmark to make sure its performance downgrade is limited or permissible
    • Not much difference from the master branch
    • Single thread: HTTP = 61k / HTTPS = 56k
    • 4 threads: HTTPS = 137k / HTTPS = 105k

@fukamachi fukamachi mentioned this pull request Aug 10, 2024
@fukamachi fukamachi marked this pull request as ready for review August 11, 2024 15:05
@fukamachi fukamachi changed the title [WIP] SSL support with CL+SSL. SSL support with CL+SSL. Aug 11, 2024
@fukamachi fukamachi changed the title SSL support with CL+SSL. Add SSL support with OpenSSL (CL+SSL) Aug 11, 2024
@fukamachi fukamachi changed the title Add SSL support with OpenSSL (CL+SSL) Add HTTPS support with OpenSSL (CL+SSL) Aug 11, 2024
@fukamachi fukamachi merged commit 8cfaced into master Aug 11, 2024
2 checks passed
@daninus14
Contributor

Hi

I'm trying this by running

/root/.roswell/bin/clackup --server woo --debug nil --address "0.0.0.0" --port "443" --ssl-cert-file "/etc/letsencrypt/live/mydomain/cert.pem" --ssl-key-file "/etc/letsencrypt/live/mydomain/privkey.pem" "app.lisp"

Where app.lisp is:

(lambda (env)
  (declare (ignore env))
  '(200 () ("Hello from Woo Server")))

When I navigate in Chrome to the domain, I get the following error in the terminal on the server:

Woo server is going to start.
Listening on 0.0.0.0:443.
 <ERROR> [18:13:56] woo - HTTP parse error: INVALID-METHOD: invalid HTTP method
 <ERROR> [18:13:56] woo - HTTP parse error: INVALID-METHOD: invalid HTTP method

Any ideas on what's going on?

For reference the letsencrypt generated certificates are the following (this is the readme file):

This directory contains your keys and certificates.

`privkey.pem`  : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem`     : will break many server configurations, and should not be used
                 without reading further documentation (see link below).

WARNING: DO NOT MOVE OR RENAME THESE FILES!
         Certbot expects these files to remain in this location in order
         to function properly!

We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
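
Two checks relevant to the report above, added here as an example (not written by either participant and not part of Woo). The first labels the opening bytes of a connection: a browser visiting https:// starts with a TLS ClientHello record (0x16 0x03 ...), which an HTTP parser cannot read as a method. The second counts the certificates in a PEM file to tell a leaf-only cert.pem from fullchain.pem. Whether either applies to this report is an assumption; the function names, sample bytes and PEM bodies are constructed.

```python
import re
import struct

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a client sent on a freshly accepted connection."""
    if len(data) >= 6:
        # TLS record header: content type, version major/minor, length.
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # 0x16 = handshake record, 0x03 = SSL3/TLS family, then
        # handshake message type 0x01 = ClientHello.
        if (ctype == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and data[5] == 0x01):
            return "tls-client-hello"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def count_pem_certificates(pem: bytes) -> int:
    """Count CERTIFICATE blocks: 1 = leaf only, 2 or more = leaf plus chain."""
    return len(PEM_CERT.findall(pem))


# Constructed samples (not captured traffic, not real certificates).
SAMPLE_CLIENT_HELLO = bytes.fromhex("1603010200" "010001fc0303")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
PEM_BLOCK = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
             b"-----END CERTIFICATE-----\n")
SAMPLE_LEAF_ONLY = PEM_BLOCK
SAMPLE_FULLCHAIN = PEM_BLOCK + PEM_BLOCK

if __name__ == "__main__":
    for name, blob in (("browser via https://", SAMPLE_CLIENT_HELLO),
                       ("plain HTTP client", SAMPLE_HTTP)):
        print(f"{name}: {classify_first_bytes(blob)}")
    for name, pem in (("leaf only", SAMPLE_LEAF_ONLY),
                      ("full chain", SAMPLE_FULLCHAIN)):
        print(f"{name}: {count_pem_certificates(pem)} certificate(s)")
```

If the listener logs a parse error while clients are sending what classifies as `tls-client-hello`, the TLS options are not reaching the server process, so the next thing to confirm is how the SSL arguments are passed at startup.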
